also, fyi, the sample file files/whiteorg.txt doesn't have $ to force it
only to match the line ending, which I believe is what I used to come up
with my incorrect assumption.  Putting in at least 1 example in that file
with a $ might help others not make the same mistake that I have.  My
money's on well more than half of the admins using ASSP haven't made the
same mistake.

In the sample file, everything starts with \b, clearly telling us that it
needs to be the start of a word, but no lines end with $ or even \b.  For
example:

\bbank of america

When I see that, I think "we have the \b so that some scammer can't get
senderbase to have their network as 'BADbank of america' and get through
our filters."  That's logical, but I also assumed that because there isn't
a trailing \b (or actually $) that it's going to the end of the line.  Why
would someone put a \b at the beginning, but not care about "bank of
americascammer network" also being a match?

Maybe edit the sample whiteorg or put a note at the top to help others?

On Thu, Apr 29, 2021 at 10:05 AM K Post <nntp.p...@gmail.com> wrote:

> My assumption was wrong for as long as senderbase has been in ASSP then!
> I'll be adding the $ end of line requirement to everything in senderbase
> shortly.
>
> Is this also true of dkimAddresses and dkimNPAddresses?
>
> On Mon, Apr 26, 2021 at 2:50 AM Thomas Eckardt <thomas.ecka...@thockar.com>
> wrote:
>
>> >I (maybe incorrectly) assumed that the *word boundary* was *automatically
>> added* on the end.
>>
>> Hmm....  what is causing this assumption reading the description of
>> whiteSenderBase?
>>
>> *Whitelisted Organizations, Domains and Hosts in SenderBase**
>> (whiteSenderBase)*
>> If the organization, domain or hostname in the SenderBase IP description
>> matches this Perl regular expression, the message will be considered
>> non-spam. For example file:files/whiteorg.txt
>> NOTICE: If only the hostname matches an entry and DoOrgWhiting is set to
>> "whiting", the domain+organization pair will not be added to the white
>> organizations!
>>
>>
>> walmart.com.mx
>>
>> \bwalmart\.com - match
>> \bwalmart\.com\b - match
>> \bwalmart\.com$ - no match
>>
>> Thomas
>>
>>
>>
>>
>>
>>
>> From:        "K Post" <nntp.p...@gmail.com>
>> To:        "ASSP development mailing list" <
>> assp-test@lists.sourceforge.net>
>> Date:        25.04.2021 12:25
>> Subject:        [Assp-test] Senderbase Matching Substring
>> ------------------------------
>>
>>
>>
>> For a long time, I've had
>> \bwalmart\.com
>> in my whiteSenderBase configuration.  Some of our staff shops at walmart
>> and anything from Walmart's ip space should be considered white.  All good
>> there.
>>
>> However, I had a bunch of spam slip through because of this overnight.
>> When I did an analyze, I saw:
>> 129.41.173.75 SenderBase: status=white SenderBase, data=[CN=US,
>> ORG=ACOUSTIC-ATL-01, DOM=*walmart.com.mx*, BLS=,
>> HNM=Y, CIDR=23, HN=*mail9320.hayhouse.mkt9919.com*]
>>
>> WhiteDomain Regex: whiteSenderBaseRE '*walmart.com*'
>> [scoring] SenderBase -- White Domain '*walmart.com*'
>> It's matching *walmart.com.MX*
>>
>> I've never put a \b at the end of config lines in whiteSenderBase, I
>> (maybe incorrectly) assumed that the word boundary was automatically added
>> on the end.
>>
>> Is the \b on the end necessary, if I don't want to match *walmart.com.mx*
>> and only want to match *walmart.com*?   Is there another way, coding error,
>> config mistake, etc?
>>
>> Thanks!
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>
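
The matching behaviour discussed in this thread, as an added example that is not part of the original messages or of ASSP's code: it flags list entries that have no trailing $ and shows which values they would also accept. The sample entries and values are constructed, the helper names are hypothetical, and it uses Python's re module, which treats \b and $ the same way as Perl for these patterns; case-insensitive matching is an assumption.

```python
import re

# Constructed SenderBase-style values (organization / domain), not real log data.
SAMPLES = ["walmart.com", "walmart.com.mx", "badwalmart.com",
           "bank of america", "bank of americascammer network"]


def matches(pattern, value):
    """Unanchored search: the entry may match anywhere inside the value.
    Case-insensitive matching is an assumption of this example."""
    return re.search(pattern, value, re.IGNORECASE) is not None


def lacks_end_anchor(pattern):
    """True when the entry does not end in an unescaped $, so it can also
    match as the beginning of a longer value."""
    if not pattern.endswith("$"):
        return True
    body = pattern[:-1]
    backslashes = len(body) - len(body.rstrip("\\"))
    return backslashes % 2 == 1  # odd count: the $ is an escaped literal


def audit(lines, samples=SAMPLES):
    """Return {entry: [sample values it matches]} for every non-blank entry
    that has no trailing $ anchor."""
    report = {}
    for line in lines:
        entry = line.strip()
        if entry and lacks_end_anchor(entry):
            report[entry] = [s for s in samples if matches(entry, s)]
    return report


if __name__ == "__main__":
    # Constructed list in the style of files/whiteorg.txt.
    constructed_list = [r"\bwalmart\.com", r"\bwalmart\.com\b",
                        r"\bwalmart\.com$", r"\bbank of america"]
    for entry, hits in audit(constructed_list).items():
        print(f"{entry!r} has no trailing $ and matches: {hits}")
```

A trailing \b still accepts walmart.com.mx because the "." after "com" is itself a word boundary; only the trailing $ rejects it.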